@Override public UserAccount getActiveUserAccount(String username, Long domainId) { return _userAccountDao.getUserAccount(username, domainId); }
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { if (s_logger.isDebugEnabled()) { s_logger.debug("Retrieving user: " + username); } if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } UserAccount user = _userAccountDao.getUserAccount(username, domainId); if (user == null) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } if (!user.getPassword().equals(password)) { s_logger.debug("Password does not match"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); } return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); }
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { if (s_logger.isDebugEnabled()) { s_logger.debug("Retrieving user: " + username); } if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } UserAccount user = _userAccountDao.getUserAccount(username, domainId); if (user == null) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } if (!user.getPassword().equals(encode(password))) { s_logger.debug("Password does not match"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); } return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); }
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(final String username, final String password, final Long domainId, final Map<String, Object[]> requestParameters) { Pair<Boolean, ActionOnFailedAuthentication> rc = new Pair<Boolean, ActionOnFailedAuthentication>(false, null); // TODO not allowing an empty password is a policy we shouldn't decide on. A private cloud may well want to allow this. if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return rc; } if (_ldapManager.isLdapEnabled()) { final UserAccount user = _userAccountDao.getUserAccount(username, domainId); List<LdapTrustMapVO> ldapTrustMapVOs = _ldapManager.getDomainLinkage(domainId); if(ldapTrustMapVOs != null && ldapTrustMapVOs.size() > 0) { if(ldapTrustMapVOs.size() == 1 && ldapTrustMapVOs.get(0).getAccountId() == 0) { // We have a single mapping of a domain to an ldap group or ou return authenticate(username, password, domainId, user, ldapTrustMapVOs.get(0)); } else { // we are dealing with mapping of accounts in a domain to ldap groups return authenticate(username, password, domainId, user, ldapTrustMapVOs); } } else { //domain is not linked to ldap follow normal authentication return authenticate(username, password, domainId, user); } } return rc; }
UserAccount user = _userAccountDao.getUserAccount(username, domainId); if (user == null) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId);
s_logger.info("User signature: " + signature + " is not equaled to computed signature: " + computedSignature); } else { user = _userAccountDao.getUserAccount(username, domainId);
UserAccount user = this._userAccountDao.getUserAccount(username, domainId); if (user != null) { isValidUser = true;
@Override public Pair<Boolean, ActionOnFailedAuthentication> authenticate(String username, String password, Long domainId, Map<String, Object[]> requestParameters) { if (s_logger.isDebugEnabled()) { s_logger.debug("Trying SAML2 auth for user: " + username); } if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) { s_logger.debug("Username or Password cannot be empty"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } final UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId); if (userAccount == null || userAccount.getSource() != User.Source.SAML2) { s_logger.debug("Unable to find user with " + username + " in domain " + domainId + ", or user source is not SAML2"); return new Pair<Boolean, ActionOnFailedAuthentication>(false, null); } else { User user = _userDao.getUser(userAccount.getId()); if (user != null && user.getSource() == User.Source.SAML2 && user.getExternalEntity() != null) { return new Pair<Boolean, ActionOnFailedAuthentication>(true, null); } } // Deny all by default return new Pair<Boolean, ActionOnFailedAuthentication>(false, ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); }
s_logger.debug("Attempting to log in user: " + username + " in domain " + domainId); UserAccount userAccount = _userAccountDao.getUserAccount(username, domainId); domainName = domain.getName(); userAccount = _userAccountDao.getUserAccount(username, domainId);